0c5bd5e647
添加OAuth2认证相关配置文件和服务实现,包括环境变量配置、PKCE流程支持、token管理等功能。主要变更: - 新增OAuth2配置文件 - 实现OAuth2服务层 - 更新请求拦截器支持token自动刷新 - 修改认证API和store以支持OAuth2流程
123 lines
3.4 KiB
C#
123 lines
3.4 KiB
C#
using Fengling.AuthService.Configuration;
|
|
using Fengling.AuthService.Data;
|
|
using Fengling.AuthService.Models;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using Microsoft.OpenApi;
|
|
using OpenTelemetry;
|
|
using OpenTelemetry.Resources;
|
|
using OpenTelemetry.Trace;
|
|
using Serilog;
|
|
|
|
var builder = WebApplication.CreateBuilder(args);
|
|
|
|
Log.Logger = new LoggerConfiguration()
|
|
.ReadFrom.Configuration(builder.Configuration)
|
|
.Enrich.FromLogContext()
|
|
.WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level:u3}] {Message:lj}{NewLine}{Exception}")
|
|
.CreateLogger();
|
|
|
|
builder.Host.UseSerilog();
|
|
|
|
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
|
|
builder.Services.AddDbContext<ApplicationDbContext>(options =>
|
|
{
|
|
options.UseNpgsql(connectionString);
|
|
options.UseOpenIddict();
|
|
});
|
|
|
|
builder.Services.AddRazorPages();
|
|
builder.Services.AddControllersWithViews();
|
|
|
|
builder.Services.AddIdentity<ApplicationUser, ApplicationRole>()
|
|
.AddEntityFrameworkStores<ApplicationDbContext>()
|
|
.AddDefaultTokenProviders();
|
|
|
|
builder.Services.AddAuthentication(options =>
|
|
{
|
|
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
|
}).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
|
|
{
|
|
options.Cookie.Name = "Fengling.Auth";
|
|
options.Cookie.SecurePolicy = CookieSecurePolicy.None;
|
|
options.Cookie.SameSite = SameSiteMode.Lax;
|
|
options.ExpireTimeSpan = TimeSpan.FromDays(7);
|
|
});
|
|
|
|
builder.Services.AddOpenIddictConfiguration(builder.Configuration);
|
|
|
|
builder.Services.AddOpenTelemetry()
|
|
.ConfigureResource(resource =>
|
|
resource.AddService("Fengling.AuthService"))
|
|
.WithTracing(tracing =>
|
|
tracing.AddAspNetCoreInstrumentation()
|
|
.AddHttpClientInstrumentation()
|
|
.AddSource("OpenIddict.Server.AspNetCore")
|
|
.AddOtlpExporter());
|
|
|
|
builder.Services.AddControllersWithViews();
|
|
|
|
builder.Services.AddHealthChecks()
|
|
.AddNpgSql(builder.Configuration.GetConnectionString("DefaultConnection")!);
|
|
|
|
builder.Services.AddSwaggerGen(options =>
|
|
{
|
|
options.SwaggerDoc("v1", new OpenApiInfo
|
|
{
|
|
Title = "Fengling Auth Service",
|
|
Version = "v1",
|
|
Description = "Authentication and authorization service using OpenIddict"
|
|
});
|
|
|
|
options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
|
|
{
|
|
Type = SecuritySchemeType.OAuth2,
|
|
Flows = new OpenApiOAuthFlows
|
|
{
|
|
Password = new OpenApiOAuthFlow
|
|
{
|
|
TokenUrl = new Uri("/connect/token", UriKind.Relative)
|
|
}
|
|
}
|
|
});
|
|
});
|
|
|
|
var app = builder.Build();
|
|
|
|
using (var scope = app.Services.CreateScope())
|
|
{
|
|
await SeedData.Initialize(scope.ServiceProvider);
|
|
}
|
|
|
|
app.UseCors(x =>
|
|
{
|
|
x.SetIsOriginAllowed(origin => true)
|
|
.AllowAnyHeader()
|
|
.AllowAnyMethod()
|
|
.AllowCredentials()
|
|
.Build();
|
|
});
|
|
app.UseStaticFiles();
|
|
app.UseRouting();
|
|
app.UseAuthentication();
|
|
app.UseAuthorization();
|
|
|
|
var isTesting = builder.Configuration.GetValue<bool>("Testing", false);
|
|
if (!isTesting)
|
|
{
|
|
app.UseSwagger();
|
|
app.UseSwaggerUI(options =>
|
|
{
|
|
options.SwaggerEndpoint("/swagger/v1/swagger.json", "Fengling Auth Service v1");
|
|
options.OAuthClientId("swagger-ui");
|
|
options.OAuthUsePkce();
|
|
});
|
|
}
|
|
|
|
app.MapRazorPages();
|
|
app.MapControllers();
|
|
app.MapHealthChecks("/health");
|
|
|
|
app.Run();
|